/*
 * xinclude.c: a libFuzzer target to test the XInclude engine.
 *
 * See Copyright for the status of this software.
 */
6*7c568831SAndroid Build Coastguard Worker
7*7c568831SAndroid Build Coastguard Worker #include <libxml/catalog.h>
8*7c568831SAndroid Build Coastguard Worker #include <libxml/parser.h>
9*7c568831SAndroid Build Coastguard Worker #include <libxml/tree.h>
10*7c568831SAndroid Build Coastguard Worker #include <libxml/xmlerror.h>
11*7c568831SAndroid Build Coastguard Worker #include <libxml/xinclude.h>
12*7c568831SAndroid Build Coastguard Worker #include "fuzz.h"
13*7c568831SAndroid Build Coastguard Worker
/*
 * One-time setup hook for the fuzz target; libFuzzer invokes it before any
 * input is delivered. Neither argument is used.
 *
 * Returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED)
{
    /*
     * xmlFuzzMemSetup() comes from the fuzz helpers (not shown here);
     * presumably it installs the allocator wrappers that the per-input
     * allocation limit relies on. It is called before xmlInitParser(),
     * and that order is kept.
     */
    xmlFuzzMemSetup();
    xmlInitParser();

#ifdef LIBXML_CATALOG_ENABLED
    /*
     * XML_CATA_ALLOW_NONE turns catalog lookups off, so the harness does
     * not depend on whatever catalogs exist on the host running it.
     */
    xmlInitializeCatalog();
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif

    /* Route libxml2's generic error output through the fuzz handler. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}
27*7c568831SAndroid Build Coastguard Worker
/*
 * libFuzzer entry point. Parses the main entity carried in the fuzz input,
 * runs the XInclude processor over the resulting document, then copies the
 * document, cross-checking the out-of-memory status after each step.
 *
 * data, size: the raw fuzz input, handed to xmlFuzzDataInit().
 *
 * Returns 0 on every path.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size)
{
    xmlParserCtxtPtr parser;
    xmlXIncludeCtxtPtr xiCtxt;
    xmlDocPtr tree;
    xmlDocPtr dup;
    const char *mainBuf;
    const char *mainUrl;
    size_t allocLimit;
    size_t mainSize;
    int flags;

    xmlFuzzDataInit(data, size);

    /*
     * Two 4-byte fields are read from the input: the parser option bits
     * (XInclude processing is always forced on) and an allocation limit,
     * which is reduced modulo size + 100 so it stays in proportion to the
     * input length.
     */
    flags = (int) xmlFuzzReadInt(4) | XML_PARSE_XINCLUDE;
    allocLimit = xmlFuzzReadInt(4) % (size + 100);

    xmlFuzzReadEntities();
    mainBuf = xmlFuzzMainEntity(&mainSize);
    mainUrl = xmlFuzzMainUrl();
    if (mainBuf == NULL) {
        goto cleanup;
    }

    /* Pull parser */

    /*
     * xmlFuzzMemSetLimit() is a fuzz helper (not shown here); presumably it
     * arms the injected allocation failures that the
     * xmlFuzzCheckMallocFailure() calls below compare against.
     */
    xmlFuzzMemSetLimit(allocLimit);
    parser = xmlNewParserCtxt();
    if (parser == NULL) {
        goto cleanup;
    }

    /*
     * Both the parser and the XInclude context get the fuzz resource
     * loader, so external resources are expected to be resolved by the
     * harness (presumably from the entities read above) - confirm in
     * fuzz.c.
     */
    xmlCtxtSetResourceLoader(parser, xmlFuzzResourceLoader, NULL);

    tree = xmlCtxtReadMemory(parser, mainBuf, mainSize, mainUrl, NULL, flags);
    xmlFuzzCheckMallocFailure("xmlCtxtReadMemory",
                              parser->errNo == XML_ERR_NO_MEMORY);

    /*
     * The XInclude calls are made even when parsing produced no document;
     * only the malloc-failure check is skipped in that case.
     */
    xiCtxt = xmlXIncludeNewContext(tree);
    xmlXIncludeSetResourceLoader(xiCtxt, xmlFuzzResourceLoader, NULL);
    xmlXIncludeSetFlags(xiCtxt, flags);
    xmlXIncludeProcessNode(xiCtxt, (xmlNodePtr) tree);
    if (tree != NULL) {
        int xiOom = (xiCtxt == NULL) ||
                    (xmlXIncludeGetLastError(xiCtxt) == XML_ERR_NO_MEMORY);

        xmlFuzzCheckMallocFailure("xmlXIncludeProcessNode", xiOom);
    }
    xmlXIncludeFreeContext(xiCtxt);

    /* Clear the failure state so the copy step is judged on its own. */
    xmlFuzzResetMallocFailed();
    dup = xmlCopyDoc(tree, 1);
    if (tree != NULL) {
        /* NOTE(review): the label says xmlCopyNode, the call is xmlCopyDoc. */
        xmlFuzzCheckMallocFailure("xmlCopyNode", dup == NULL);
    }
    xmlFreeDoc(dup);

    xmlFreeDoc(tree);
    xmlFreeParserCtxt(parser);

cleanup:
    /* Drop the allocation limit and release per-input state. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();
    return 0;
}